npm - codeslick-cli - Versions diffs - 1.0.0 - Mend

codeslick-cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (455) hide show

package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js ADDED Viewed

@@ -0,0 +1,71 @@
+"use strict";
+/**
+ * Utility function to create security vulnerability objects for TypeScript analyzer
+ *
+ * This module provides a standardized way to create SecurityVulnerability objects
+ * with proper CVSS scoring, OWASP mapping, and compliance information.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createTypeScriptSecurityVulnerability = createTypeScriptSecurityVulnerability;
+const severity_scoring_1 = require("../../../security/severity-scoring");
+const compliance_mapping_1 = require("../../../security/compliance-mapping");
+function createTypeScriptSecurityVulnerability(paramsOrType, message, suggestion, lineNumber, attackDescription, exploitExample, realWorldImpact, remediationBefore, remediationAfter, remediationExplanation) {
+    // Check if using new object-style parameters (OWASP 2025)
+    if (typeof paramsOrType === 'object') {
+        const params = paramsOrType;
+        const scoring = (0, severity_scoring_1.calculateSeverityScore)(params.category);
+        const compliance = (0, compliance_mapping_1.getComplianceMapping)(params.category);
+        return {
+            severity: params.severity.toUpperCase(),
+            message: params.message,
+            suggestion: params.suggestion,
+            line: params.line,
+            category: params.category,
+            securityRelevant: params.securityRelevant, // P3: Propagate security relevance flag
+            cvssScore: scoring.cvssScore,
+            exploitLikelihood: scoring.exploitLikelihood,
+            impact: scoring.impact,
+            owasp: params.owasp,
+            cwe: params.cwe,
+            pciDss: params.pciDss,
+            attackVector: {
+                description: params.attackVector.description,
+                exploitExample: params.attackVector.exploitExample || '',
+                realWorldImpact: params.attackVector.realWorldImpact
+            },
+            remediation: {
+                before: params.remediation.before,
+                after: params.remediation.after,
+                explanation: params.remediation.explanation
+            }
+        };
+    }
+    // Legacy 10-parameter signature (backward compatibility)
+    const vulnerabilityType = paramsOrType;
+    const scoring = (0, severity_scoring_1.calculateSeverityScore)(vulnerabilityType);
+    const compliance = (0, compliance_mapping_1.getComplianceMapping)(vulnerabilityType);
+    return {
+        severity: scoring.severity,
+        message: message,
+        suggestion: suggestion,
+        line: lineNumber,
+        category: vulnerabilityType,
+        cvssScore: scoring.cvssScore,
+        exploitLikelihood: scoring.exploitLikelihood,
+        impact: scoring.impact,
+        owasp: compliance.owasp,
+        cwe: compliance.cwe,
+        pciDss: compliance.pciDss,
+        attackVector: {
+            description: attackDescription,
+            exploitExample: exploitExample,
+            realWorldImpact: realWorldImpact
+        },
+        remediation: {
+            before: remediationBefore,
+            after: remediationAfter,
+            explanation: remediationExplanation
+        }
+    };
+}
+//# sourceMappingURL=createVulnerability.js.map

package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"createVulnerability.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/typescript/utils/createVulnerability.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAuEH,sFAyEC;AA7ID,yEAA4E;AAC5E,6EAA4E;AAmE5E,SAAgB,qCAAqC,CACnD,YAA0C,EAC1C,OAAgB,EAChB,UAAmB,EACnB,UAAmB,EACnB,iBAA0B,EAC1B,cAAuB,EACvB,eAA0B,EAC1B,iBAA0B,EAC1B,gBAAyB,EACzB,sBAA+B;IAE/B,0DAA0D;IAC1D,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,YAAmC,CAAC;QAEnD,MAAM,OAAO,GAAG,IAAA,yCAAsB,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,IAAA,yCAAoB,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAEzD,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAS;YAC9C,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE,wCAAwC;YACnF,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,YAAY,EAAE;gBACZ,WAAW,EAAE,MAAM,CAAC,YAAY,CAAC,WAAW;gBAC5C,cAAc,EAAE,MAAM,CAAC,YAAY,CAAC,cAAc,IAAI,EAAE;gBACxD,eAAe,EAAE,MAAM,CAAC,YAAY,CAAC,eAAe;aACrD;YACD,WAAW,EAAE;gBACX,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM;gBACjC,KAAK,EAAE,MAAM,CAAC,WAAW,CAAC,KAAK;gBAC/B,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,WAAW;aAC5C;SACF,CAAC;IACJ,CAAC;IAED,yDAAyD;IACzD,MAAM,iBAAiB,GAAG,YAAsB,CAAC;IACjD,MAAM,OAAO,GAAG,IAAA,yCAAsB,EAAC,iBAAiB,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,IAAA,yCAAoB,EAAC,iBAAiB,CAAC,CAAC;IAE3D,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO,EAAE,OAAQ;QACjB,UAAU,EAAE,UAAW;QACvB,IAAI,EAAE,UAAW;QACjB,QAAQ,EAAE,iBAAiB;QAC3B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK,EAAE,UAAU,CAAC,KAAK;QACvB,GAAG,EAAE,UAAU,CAAC,GAAG;QACnB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,YAAY,EAAE;YACZ,WAAW,EAAE,iBAAkB;YAC/B,cAAc,EAAE,cAAe;YAC/B,eAAe,EAAE,eAAgB;SAClC;QACD,WAAW,EAAE;YACX,MAAM,EAAE,iBAAkB;YAC1B,KAAK,EAAE,gBAAiB;YACxB,WAAW,EAAE,sBAAuB;SACrC;KACF,CAAC;AACJ,CAAC"}

package/dist/src/lib/analyzers/typescript-analyzer.d.ts ADDED Viewed

@@ -0,0 +1,116 @@
+import { ICodeAnalyzer, AnalyzerInput, AnalyzerResult } from './types';
+import { SupportedLanguage } from '../types';
+export declare class TypeScriptAnalyzer implements ICodeAnalyzer {
+    readonly language: SupportedLanguage;
+    /**
+     * Remove string literal content from a line of code
+     * This prevents false positives when analyzing string content as code
+     * Example: 'MyP@ssw0rd!' → '             ' (preserves quotes, replaces content with spaces)
+     *
+     * FIX (2025-11-18): Added to fix false positive detection of ! in string literals
+     * Bug: "const PASSWORD = 'MyP@ssw0rd!';" was detected as non-null assertion
+     */
+    private removeStringLiterals;
+    analyze(input: AnalyzerInput): Promise<AnalyzerResult>;
+    validateSyntax(code: string): Promise<boolean>;
+    getLanguageInfo(): {
+        name: string;
+        extensions: string[];
+        description: string;
+    };
+    private analyzeSyntax;
+    /**
+     * Detect type errors - Type assignability, null/undefined, property access
+     */
+    private detectTypeErrors;
+    /**
+     * Detect type assertions - Unsafe 'as', non-null assertions '!', type predicates
+     */
+    private detectTypeAssertions;
+    /**
+     * Determine if a type assertion is security-relevant
+     * Security-relevant: authentication, authorization, input validation, cryptography
+     * Non-security: environment variables, config values, type conversions
+     */
+    private isSecurityRelevantAssertion;
+    /**
+     * Detect generic issues - Missing type arguments, constraint violations
+     */
+    private detectGenericIssues;
+    /**
+     * Detect union/intersection issues - Discriminated unions, type narrowing failures
+     */
+    private detectUnionIntersectionIssues;
+    /**
+     * Detect class/interface issues - Implementation errors, abstract violations
+     */
+    private detectClassInterfaceIssues;
+    /**
+     * Detect async/Promise issues - Untyped Promises, async without await
+     */
+    private detectAsyncPromiseIssues;
+    /**
+     * Detect module issues - Import/export problems, circular dependencies
+     */
+    private detectModuleIssues;
+    /**
+     * Detect decorator issues - Experimental decorators usage
+     */
+    private detectDecoratorIssues;
+    /**
+     * Detect mapped/conditional type issues - Complex types, recursive limits
+     */
+    private detectMappedConditionalTypes;
+    /**
+     * Detect strict mode violations - Implicit any, null checks violations
+     */
+    private detectStrictModeViolations;
+    /**
+     * Detect any propagation - 'any' type spreading through code
+     */
+    private detectAnyPropagation;
+    /**
+     * Detect performance issues - Type complexity, compilation performance
+     */
+    private detectPerformanceIssues;
+    /**
+     * Detect naming convention violations - TypeScript-specific naming
+     */
+    private detectNamingConventions;
+    /**
+     * Detect configuration issues - tsconfig problems, module resolution
+     */
+    private detectConfigurationIssues;
+    /**
+     * Detect React + TypeScript specific issues
+     */
+    private detectReactTypeScriptIssues;
+    private checkBracketBalance;
+    private analyzeQuality;
+    private analyzePerformance;
+    private analyzeSecurity;
+    /**
+     * P1-5: Generic deduplication for ALL vulnerability types (Dec 30, 2025)
+     * Prevents same vulnerability from being reported multiple times on the same line
+     *
+     * Strategy: Use line + category as unique key, keep highest CVSS score
+     */
+    private deduplicateVulnerabilities;
+    /**
+     * PHASE 6 WEEK 1 DAY 1: Detect duplicate identifier declarations
+     *
+     * Detects when variables, functions, classes, interfaces, or types are declared
+     * multiple times in the same scope, which causes TypeScript compilation errors.
+     *
+     * Examples:
+     * - const API_KEY = 'key1'; const API_KEY = 'key2';  → Duplicate
+     * - function foo() {} function foo() {}  → Duplicate
+     * - interface User {} interface User {}  → Duplicate (unless extending)
+     *
+     * Note: This is a simplified implementation that tracks identifiers at file scope.
+     * Full scope tracking (block scope, function scope) would require AST parsing.
+     */
+    private detectDuplicateIdentifiers;
+    private calculateMetrics;
+}
+//# sourceMappingURL=typescript-analyzer.d.ts.map

package/dist/src/lib/analyzers/typescript-analyzer.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"typescript-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/typescript-analyzer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAkD,MAAM,SAAS,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAuB7C,qBAAa,kBAAmB,YAAW,aAAa;IACtD,SAAgB,QAAQ,EAAE,iBAAiB,CAAgB;IAE3D;;;;;;;OAOG;IACH,OAAO,CAAC,oBAAoB;IAgDtB,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAmCtD,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAiBpD,eAAe;;;;;IAQf,OAAO,CAAC,aAAa;IAmCrB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA+JxB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAwH5B;;;;OAIG;IACH,OAAO,CAAC,2BAA2B;IAgCnC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAkD3B;;OAEG;IACH,OAAO,CAAC,6BAA6B;IA2DrC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IA8DlC;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAiEhC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA0E1B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAmC7B;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAkDpC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAsDlC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA6C5B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA+C/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0D/B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAiDjC;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAiFnC,OAAO,CAAC,mBAAmB;IA2K3B,OAAO,CAAC,cAAc;IAwCtB,OAAO,CAAC,kBAAkB;IAwB1B,OAAO,CAAC,eAAe;IA8EvB;;;;;OAKG;IACH,OAAO,CAAC,0BAA0B;IAkDlC;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,0BAA0B;IA2IlC,OAAO,CAAC,gBAAgB;CAqBzB"}